Do More Research
Get in Touch
  • If you’re interested in a Wind River product, simply answer a few questions and we’ll get in touch right away.
  • If you’d like to speak with someone immediately, call our number for sales inquiries below.

    Toll-free: 800-545-WIND (800-545-9463)

Thank You

Thank you for taking the time to contact us while visiting our website.

A Wind River sales representative will contact you shortly.

Partner Directory

Partner Product

FireFly IP Packet-filtering firewall  (617)
FireFly offers a rules-based dynamic packet-filtering firewall which also supports stateful inspection of packets. It is designed specifically for use in embedded devices. Its core engine permits or denies packets from passing through it based on pre-defined and easily configurable policies. FireFly is a member of the TeamF1 Internet Software Extensions for Classification and Traffic Shaping (INSECTS) suite.

Product Highlights


Filtering Support:

Also available:

Product Description

FireFly is a robust, lean, high performance, packet-filtering firewall implementation that secures access to and from networked embedded devices. Its core engine permits or denies packets from passing through it based on pre-defined and easily configurable policies. Its unique, advanced features include hooks for dynamic firewalling and stateful inspection. Its small footprint and robustness have been specifically designed for use in an embedded environment. FireFly offers unprecedented flexibility and easy customization make it the firewall of choice in embedded networking applications.

Stateful inspection is an enhancement over static and dynamic inspection and provides the ability to track and control the flow of communication passing through the firewall filter. This offers the ability to keep track of state and context information about a session and simplifies rules and tries to interpret higher-level protocols such as NFS and RPC. FireFly provides stateful inspection for TCP/UDP/ICMP packets and further enables custom versions of circuit-level filtering and application-level filtering to be easily added with the hooks provided.

FireFly supports a customizable management interface that can be programmatically controlled or presented through a string-based command layer, which can be easily controlled through a web-server, with structured data files such as XML, or via a command line interface (CLI). Support for rule numbering provides ease of overriding at any level. Customizable hooks for logging and forwarding enable specific actions to be taken when accepting or rejecting packets.

Securing a connected embedded device requires security in different dimensions. FireFly system security features include keeping an embedded device protected from external access on specific ports. This perimeter or system security acts as a powerful complement to network security which protects data in transit, when it is used with security solutions such as SSL, SSH and IPsec solutions by TeamF1. For example, a combination of SSHield SSH tunneling and FireFly restricted external access enables sophisticated security policy settings by allowing only a single or few secure points of entrance through the network to the embedded device.

FireFly is available with optimized editions for both the latest, and older but still popular, versions of VxWorks and embedded Linux. Special attention to optimization includes support for the native network driver model, and enhanced memory management. It has been extensively validated on a variety of CPU architectures to minimize development and integration efforts. FireFly for VxWorks 5.x, 6.x, AE, and platforms such as Network Equipment (PNE), Consumer Devices (PCD) and Industrial Devices (PID) bundles, include optimized support for multi-tasking and memory partitions. FireFly for embedded Linux has been optimized for multi-processing and memory management on the 2.4 and 2.6 kernel variants. It transparently works with a wide selection of stacks including: those bundled with VxWorks, Linux, or NetF1 the high performance stack by TeamF1. Like the other members of the INSECTS suite, it is built as a network service that binds itself with the MUX layer, thereby guaranteeing compatibility with any embedded application with minimal to no changes, and without any special network stack source code requirement.

Web Links

More Information

If you are interested in more information on how Wind River partners with this company, click here.

Subscribe to Wind River

Thank You

Wind River, a wholly owned subsidiary of Intel Corporation (NASDAQ: INTC), is a world leader in embedded and mobile software. Wind River has been pioneering computing inside embedded devices since 1981 and its technology is found in more than 500 million products